https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185166#M9117 <P>What firmware release is being used here?<BR />Also, have you attempted any debugging steps here?&nbsp;<A href="https://support.checkpoint.com/results/sk/sk62482" target="_blank">https://support.checkpoint.com/results/sk/sk62482</A>&nbsp;</P> Thu, 29 Jun 2023 13:37:11 GMT PhoneBoy 2023-06-29T13:37:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/184893#M9116 <P>Hi there to you all,</P><P>&nbsp;</P><P>I face a rather annoying situation.</P><P>Our client has bought several SMB Appliances for protection and safe routing through VPN Site to Site communication.</P><P>We implemented a Star network topology with those appliances.</P><P>The star is on our private cloud (it is on a vm) and the satellites are centrally managed through Smart-1 Cloud.</P><P>Well, everything was good till yesterday when the&nbsp;VPN tunnel could not be established, the negotiation fails on Main Mode packet 5-6 with "INVALID-COOKIE".</P><P>Also, follow sk126092, it did not work for us.</P><P>The appliances were a cluster of two 1600 SMBs.</P><P>The weird thing is that inside the Smart-1 cloud says that it has "issues": "IPSec VPN blade is about to expire Jun 26, 2023 (Evaluation)" when on the appliance itself everything seems ok: "IPSec, expiration Never, Service CPSB-VPN"</P><P>I suspect that this is a glitch on Smart-1 Cloud because when I check "Licenses" in the tab below for each member of the cluster, it says that "127.0.0.1 Never&nbsp;00-1C-...&nbsp;<SPAN>CPAP-AP1600 CPSG-C-12-U CPSB-FW CPSB-VPN CPSB-IA CPSB-SSLVPN-500 CPSB-ADNC CPSB-ADNC-M..."</SPAN></P><P>Any ideas?</P><P>&nbsp;</P><P>Update: we are in the third "phase" of ecalation but with no result so far.</P><P>It seems that licensing "problems" is just "cosmetics" and nothing has to do with the real problem that causes the IKE rejection.</P><P>We have already renew our certificates to no avail,</P><P>we created brand new certificates and installed them also to no avail.</P><P>&nbsp;</P><P>Please, we need your ideas!!!&nbsp;</P><P>Help!</P> Tue, 27 Jun 2023 11:50:09 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/184893#M9116 geza 2023-06-27T11:50:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185166#M9117 <P>What firmware release is being used here?<BR />Also, have you attempted any debugging steps here?&nbsp;<A href="https://support.checkpoint.com/results/sk/sk62482" target="_blank">https://support.checkpoint.com/results/sk/sk62482</A>&nbsp;</P> Thu, 29 Jun 2023 13:37:11 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185166#M9117 PhoneBoy 2023-06-29T13:37:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185183#M9118 <P><SPAN>Hi there PhoneBoy,</SPAN></P><P>&nbsp;</P><P><SPAN>The current firmware version is&nbsp;</SPAN><STRONG>R81.10 (996000575)<BR />I&nbsp;</STRONG>followed the steps on the sk, I had a session with a Checkpoint Engineer (3rd escalation) but to no avail&nbsp;</P><P>Thank you for your effort anyway,</P><P>I would appreciate any other ideas!</P> Thu, 29 Jun 2023 15:47:39 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185183#M9118 geza 2023-06-29T15:47:39Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185205#M9127 <P>Do you have the exact set of symptoms in sk126062?<BR />Otherwise, those remediation steps won't work and deeper debugs will be required.<BR />Did you actually take the debugs as specified in sk62482 and provide these to TAC?</P> Thu, 29 Jun 2023 18:17:26 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185205#M9127 PhoneBoy 2023-06-29T18:17:26Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185231#M9128 <P>Yes and yes.</P><P>Thanks again for your effort!</P> Thu, 29 Jun 2023 21:01:56 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Site-to-Site-down/m-p/185231#M9128 geza 2023-06-29T21:01:56Z